pdftron::PDF::VerificationOptions Class Reference

#include <VerificationOptions.h>

Public Types

enum  SecurityLevel { e_compatibility_and_archiving = 0, e_maximum = 1 }
 
enum  TimeMode { e_signing = 0, e_timestamp = 1, e_current = 2 }
 
enum  CertificateTrustFlag {
  e_signing_trust = 1, e_certification_trust = 2, e_dynamic_content = 4, e_javascript = 16,
  e_identity = 32, e_trust_anchor = 64, e_default_trust = 97, e_complete_trust = 119
}
 

Public Member Functions

 VerificationOptions (const VerificationOptions &other)
 
 VerificationOptions (TRN_VerificationOptions impl)
 
VerificationOptions & operator= (const VerificationOptions &other)
 
 ~VerificationOptions ()
 
void Destroy ()
 
 VerificationOptions (SecurityLevel level)
 
void AddTrustedCertificate (const UChar *in_certificate_buf, size_t in_buf_size, const UInt16 in_trust_flags=e_default_trust)
 
void AddTrustedCertificate (const UString &in_filepath, const UInt16 in_trust_flags=e_default_trust)
 
void AddTrustedCertificates (const UChar *in_P7C_binary_DER_certificates_file_data, const size_t in_size)
 
void LoadTrustList (const FDF::FDFDoc &in_fdf_cert_exchange_data)
 
void EnableModificationVerification (bool in_on_or_off)
 
void EnableDigestVerification (bool in_on_or_off)
 
void EnableTrustVerification (bool in_on_or_off)
 
void SetRevocationTimeout (const UInt32 in_revocation_timeout_milliseconds)
 
void EnableOnlineCRLRevocationChecking (bool in_on_or_off)
 
void EnableOnlineOCSPRevocationChecking (bool in_on_or_off)
 
void EnableOnlineRevocationChecking (bool in_on_or_off)
 
UInt32 GetTrustedCertificateCount ()
 
Crypto::X509Certificate GetTrustedCertificate (const UInt32 index)
 

Public Attributes

TRN_VerificationOptions m_impl
 

Detailed Description

Options pertaining to digital signature verification.

Definition at line 21 of file VerificationOptions.h.

Member Enumeration Documentation

enum pdftron::PDF::VerificationOptions::CertificateTrustFlag

Enumerator
e_signing_trust 
e_certification_trust 
e_dynamic_content 
e_javascript 
e_identity 
e_trust_anchor 
e_default_trust 
e_complete_trust 

Definition at line 52 of file VerificationOptions.h.

enum pdftron::PDF::VerificationOptions::SecurityLevel

Enumerator
e_compatibility_and_archiving 
e_maximum 

Definition at line 27 of file VerificationOptions.h.

enum pdftron::PDF::VerificationOptions::TimeMode

Enumerator
e_signing 
e_timestamp 
e_current 

Definition at line 37 of file VerificationOptions.h.

Constructor & Destructor Documentation

pdftron::PDF::VerificationOptions::VerificationOptions ( const VerificationOptions & other)
pdftron::PDF::VerificationOptions::VerificationOptions ( TRN_VerificationOptions  impl)
pdftron::PDF::VerificationOptions::~VerificationOptions ( )
pdftron::PDF::VerificationOptions::VerificationOptions ( SecurityLevel  level)

Constructs a set of options for digital signature verification.

Parameters
level– the general security level to use. Sets other security settings internally.

Member Function Documentation

void pdftron::PDF::VerificationOptions::AddTrustedCertificate ( const UChar * in_certificate_buf,
size_t  in_buf_size,
const UInt16  in_trust_flags = e_default_trust 
)

Adds a certificate to the store of trusted certificates inside this options object.

Parameters
in_certificate_buf– a buffer consisting of the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format
in_buf_size– buffer size
in_trust_flags– a combination of trust flags (see enum CertificateTrustFlag) that determine for which situations this certificate should be trusted during trust verification. There is a default parameter value, the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour for this parameter.

void pdftron::PDF::VerificationOptions::AddTrustedCertificate ( const UString & in_filepath,
const UInt16  in_trust_flags = e_default_trust 
)

Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file.

Parameters
in_filepath– a path to a file containing the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format.
in_trust_flags– a combination of trust flags (see enum CertificateTrustFlag) that determine for which situations this certificate should be trusted during trust verification. There is a default parameter value, the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour for this parameter.

void pdftron::PDF::VerificationOptions::AddTrustedCertificates ( const UChar * in_P7C_binary_DER_certificates_file_data,
const size_t  in_size 
)

Bulk trust list loading API from P7C. Attempts to decode the input data as binary DER and trust multiple trusted root certificates from it. Compatible with Acrobat's .P7C format, which is a variation on PKCS #7/CMS that only contains certificates (i.e. no CRLs, no signature, etc.). If a certificate cannot be decoded, this is ignored and an attempt is made to decode the next certificate. This overload takes no account of trust-level flags because none are available in the P7C format. Therefore, when this function is used, all certificates in the P7C file will be loaded as if trusted for everything, which may lead to false positives when compared to other PDF software. (Most applications use the FDF Cert Exchange format.) The FDF-trust-list-loading function "LoadTrustList" should be used instead whenever possible.

Parameters
in_P7C_binary_DER_certificates_file_data– the P7C-format bulk certificate data, encoded in binary DER (Distinguished Encoding Rules)
in_size– the size of the data, in bytes
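
The in_trust_flags values are a bitmask, so a trust-list entry can be audited by decomposing it: which privileges it grants beyond e_default_trust, and whether it carries bits that no documented flag defines. The following is an added example, not PDFTron code: it is stand-alone, copies the enum values from this page instead of including the SDK, and its function names, sample subjects and the reading of "trusted for everything" (P7C bulk loading) as e_complete_trust are assumptions.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Values copied from the CertificateTrustFlag enum documented on this page.
enum CertificateTrustFlag : std::uint16_t {
    e_signing_trust = 1, e_certification_trust = 2, e_dynamic_content = 4,
    e_javascript = 16, e_identity = 32, e_trust_anchor = 64,
    e_default_trust = 97, e_complete_trust = 119
};

struct FlagName { std::uint16_t bit; const char* name; };
static const FlagName kSingleFlags[] = {
    {e_signing_trust, "e_signing_trust"}, {e_certification_trust, "e_certification_trust"},
    {e_dynamic_content, "e_dynamic_content"}, {e_javascript, "e_javascript"},
    {e_identity, "e_identity"}, {e_trust_anchor, "e_trust_anchor"}};

// Bits set in `flags` that no documented flag defines (8, 128 and above).
std::uint16_t UnknownBits(std::uint16_t flags) {
    return static_cast<std::uint16_t>(flags & ~static_cast<unsigned>(e_complete_trust));
}

// Documented bits granted on top of what e_default_trust already grants.
std::uint16_t BeyondDefault(std::uint16_t flags) {
    return static_cast<std::uint16_t>(flags & e_complete_trust &
                                      ~static_cast<unsigned>(e_default_trust));
}

// Names of the single-bit flags contained in `mask`, lowest bit first.
std::vector<std::string> FlagNames(std::uint16_t mask) {
    std::vector<std::string> names;
    for (const FlagName& f : kSingleFlags)
        if (mask & f.bit) names.push_back(f.name);
    return names;
}

int main() {
    // Constructed sample entries; the subjects are hypothetical.
    struct Entry { const char* subject; std::uint16_t flags; };
    const Entry entries[] = {{"CN=Example Root (default)", e_default_trust},
                             {"CN=Example Root (P7C bulk load, assumed)", e_complete_trust},
                             {"CN=Example Root (stray bit)", 105}};
    for (const Entry& e : entries) {
        std::cout << e.subject << ": beyond default =";
        for (const std::string& n : FlagNames(BeyondDefault(e.flags))) std::cout << ' ' << n;
        if (UnknownBits(e.flags)) std::cout << " UNKNOWN_BITS=" << UnknownBits(e.flags);
        std::cout << '\n';
    }
    return 0;
}
```
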
void pdftron::PDF::VerificationOptions::Destroy ( )

void pdftron::PDF::VerificationOptions::EnableDigestVerification ( bool  in_on_or_off)

Sets a flag that can turn on or off the verification of the digest (cryptographic hash) component of a digital signature.

Parameters
in_on_or_off– A boolean.

void pdftron::PDF::VerificationOptions::EnableModificationVerification ( bool  in_on_or_off)

Sets a flag that can turn on or off the verification of the permissibility of any modifications made to the document after the signing of the digital signature being verified, in terms of the document and field permissions specified by the digital signature being verified.

Parameters
in_on_or_off– A boolean.

void pdftron::PDF::VerificationOptions::EnableOnlineCRLRevocationChecking ( bool  in_on_or_off)

Enables/disables online CRL revocation checking. The default setting is for it to be turned off, but this may change in future versions.

Note
CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.
Parameters
in_on_or_off– what setting to use

void pdftron::PDF::VerificationOptions::EnableOnlineOCSPRevocationChecking ( bool  in_on_or_off)

Enables/disables online OCSP revocation checking. The default setting is for it to be turned on.

Parameters
in_on_or_off– what setting to use.

void pdftron::PDF::VerificationOptions::EnableOnlineRevocationChecking ( bool  in_on_or_off)

Enables/disables all online revocation checking modes. The default settings are that online OCSP is turned on and online CRL is turned off, but the default CRL setting may change in future versions.

Note
CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.
Parameters
in_on_or_off– what setting to use

void pdftron::PDF::VerificationOptions::EnableTrustVerification ( bool  in_on_or_off)

Sets a flag that can turn on or off the verification of the trust status of a digital signature.

Parameters
in_on_or_off– A boolean.

Crypto::X509Certificate pdftron::PDF::VerificationOptions::GetTrustedCertificate ( const UInt32  index)

Get the certificate at a specific position in the current list of trusted certificates.

Parameters
index– the index of the certificate in the current list.
Returns
the certificate at position index in the list.

UInt32 pdftron::PDF::VerificationOptions::GetTrustedCertificateCount ( )

Get the number of trusted certificates that have been added.

Returns
the number of trusted certificates.

void pdftron::PDF::VerificationOptions::LoadTrustList ( const FDF::FDFDoc & in_fdf_cert_exchange_data)

Bulk trust list loading API with trust flag support. Loads a trust list that is structured in Acrobat's FDF Data/Cert Exchange format into the VerificationOptions certificate store. Use of this function is strongly recommended instead of the P7C API (i.e. AddTrustedCertificates). Certificates inside the FDF trust list that cannot be decoded and loaded will be skipped.

Parameters
in_fdf_cert_exchange_data– an FDFDoc from the FDF cert exchange data

VerificationOptions& pdftron::PDF::VerificationOptions::operator= ( const VerificationOptions & other)

void pdftron::PDF::VerificationOptions::SetRevocationTimeout ( const UInt32  in_revocation_timeout_milliseconds)

Sets the timeout for online revocation requests.

Parameters
in_revocation_timeout_milliseconds– The timeout value in milliseconds.

Member Data Documentation

TRN_VerificationOptions pdftron::PDF::VerificationOptions::m_impl

Definition at line 218 of file VerificationOptions.h.


The documentation for this class was generated from the following file: